Re: [TLS] Rethink TLS 1.3
Nico Williams <nico@cryptonector.com> Mon, 24 November 2014 17:00 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A62BF1A8729 for <tls@ietfa.amsl.com>; Mon, 24 Nov 2014 09:00:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.666
X-Spam-Level:
X-Spam-Status: No, score=-1.666 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BbtaP7rWPNMw for <tls@ietfa.amsl.com>; Mon, 24 Nov 2014 09:00:06 -0800 (PST)
Received: from homiemail-a67.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id AE8931A6EF4 for <tls@ietf.org>; Mon, 24 Nov 2014 09:00:06 -0800 (PST)
Received: from homiemail-a67.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a67.g.dreamhost.com (Postfix) with ESMTP id 510EA27BC06F; Mon, 24 Nov 2014 09:00:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=VLv6N5prfKKViZ FSGe1dpA1suH4=; b=GoFnjcfOWkLY3NzQUUfXVScWpUb/36sh5oZxjirg56ILjI +m3yf3ytEReCjwrSVUZsEnWwl19bakyqH0VM3ON8HToat9KhOKmtrK6EUFVP1fUm Xb/kmgsIbkFmwl96TX6/rdIHAI/R3aIMSpYPKGMcns+Wrene4lTyqskcv/bLQ=
Received: from localhost (108-207-244-174.lightspeed.austtx.sbcglobal.net [108.207.244.174]) (Authenticated sender: nico@cryptonector.com) by homiemail-a67.g.dreamhost.com (Postfix) with ESMTPA id 0BF4227BC06B; Mon, 24 Nov 2014 09:00:05 -0800 (PST)
Date: Mon, 24 Nov 2014 11:00:05 -0600
From: Nico Williams <nico@cryptonector.com>
To: Florian Weimer <fweimer@redhat.com>
Message-ID: <20141124170003.GI3200@localhost>
References: <CACsn0ckmYrx+S--pP6P7VgjsmqQsoYnp+m-9hTPT-OJ9waUtkA@mail.gmail.com> <5470742A.8020002@streamsec.se> <CACsn0cnKqkHxw0Hudw0OGM1mVxZKJhj04ig2G3KtURtWhYTacw@mail.gmail.com> <20141124101744.GC3200@localhost> <547308E2.6060809@streamsec.se> <20141124104226.GE3200@localhost> <54730E1D.8060104@streamsec.se> <20141124105948.GH3200@localhost> <54731F57.5000803@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <54731F57.5000803@redhat.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/rVpXZAkcKBJ1T8VwE545l4Ax_4c
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Rethink TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Nov 2014 17:00:07 -0000
On Mon, Nov 24, 2014 at 01:06:47PM +0100, Florian Weimer wrote: > I really doubt that when people talked about the Internet threat > model ten, fifteen years ago, they had adaptive chosen plaintext > attacks in mind. For example, they are not discussed in > <http://tools.ietf.org/html/draft-rescorla-sec-cons-05> (as far as I > can tell). If such attacks are covered by the Internet threat model > today, the model has evolved considerably. They are active attacks by an attacker with full control of the network between the end-points under attack. Therefore they fall squarely under the traditional Internet threat model. We have to take into account even attacks that today seem difficult to mount (as this one seemed not that long ago), but we can't predict future new active attacks. And yet new future active attacks will still be active attacks. I'm not saying that the Internet threat model doesn't require updating (it does, at least as to massive adversary capabilities). I'm saying we shouldn't blame TLS's shortcommings on the Internet threat model. The latter is very high-level, and can't cover every eventually in its small print, but in its high-level view, adaptive chosen plaintext attacks were covered. Nico --
- [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Eric Rescorla
- Re: [TLS] Rethink TLS 1.3 Henrick Hellström
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Henrick Hellström
- Re: [TLS] Rethink TLS 1.3 Hanno Böck
- Re: [TLS] Rethink TLS 1.3 Henrick Hellström
- Re: [TLS] Rethink TLS 1.3 Ralph Holz
- Re: [TLS] Rethink TLS 1.3 Jeffrey Walton
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Henrick Hellström
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Henrick Hellström
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Florian Weimer
- Re: [TLS] Rethink TLS 1.3 Martin Rex
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Martin Rex
- Re: [TLS] Rethink TLS 1.3 Martin Rex
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Salz, Rich
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Brian Smith
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Daniel Kahn Gillmor
- Re: [TLS] Rethink TLS 1.3 Yoav Nir
- Re: [TLS] Rethink TLS 1.3 Hubert Kario
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Hubert Kario
- Re: [TLS] Rethink TLS 1.3 Bodo Moeller
- Re: [TLS] Rethink TLS 1.3 Joseph Salowey
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Peter Gutmann
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Rethink TLS 1.3 Ilari Liusvaara
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Rethink TLS 1.3 Watson Ladd
- Re: [TLS] Rethink TLS 1.3 Peter Gutmann
- Re: [TLS] Rethink TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] Rethink TLS 1.3 Ryan Sleevi
- Re: [TLS] Rethink TLS 1.3 Nico Williams
- Re: [TLS] Rethink TLS 1.3 Peter Gutmann